ADVISORY

Banking systems survey 2012 Trends report

FiNaNCiaL sErviCEs

2 | Banking systems survey 2012

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 3

Content

Executive summary 1 Introduction 1.1 About the survey 2 IT human resources 2.1 IT staff ratios 2.2 Outsourcing 2.3 Expectations 3 IT system strategy 3.1 Make or buy 3.2 Core banking systems 3.3 Satisfaction ratings 3.4 Changes 3.5 Activities regarding regulatory developments 4 Innovative technologies and trends 4.1 Cloud computing 4.2 Mobile banking 4.3 Social media 4.4 Cybercrime 4.5 Rationalisation Appendix

4 5 5 6 6 7 9 10 10 10 11 12 13 15 15 17 18 21 22 23

2013 KPMG Advisory N.V.

4 | Banking systems survey 2012

Executive summary
In KPMGs 2012 Banking systems survey we highlight several IT developments within the Dutch banking sector, covering human resources, IT strategy and core banking systems and several innovative technologies and trends.

Banks IT departments have not escaped the significant staff reductions that have taken place throughout the banking sector in the years since the financial crisis began. Expectations are that this downward trend will continue for some time to come. Against this backdrop we observe that the ratio of IT staff to total staff has decreased slightly since our previous survey in 2010. Until then, this ratio had remained fairly stable. Continued outsourcing of IT activities and rationalisations of banks IT landscapes may explain why IT staffs have shrunk relatively more than banks total staffs. Within IT departments, we observe a shift towards larger proportions of external staff. This is probably related to the increasing number of change projects required to comply with new rules and regulations, projects that banks prefer to staff with temporary external experts. With respect to banks strategies on their core banking systems and banking solutions we observe that banks increasingly source those from external software vendors. The need for banks to develop their own banking systems consequently decreased further, continuing the development we signalled in our 2010 survey. The market for core banking

software has become a mature market, and software vendors have further developed their banking solutions to meet client needs. In our survey we find that banks indeed are generally satisfied with the performance of their current banking systems. We also notice a trend within some of the banking operations, in particular retail banking and supportive functions like financial accounting and reporting, to use more cloud or outsourcing solutions. In the final chapter we address the trend among banks to rationalise their IT landscapes, as well as their use of several innovative technologies. We see that banks have an increasing interest in cloud computing, mobile banking, social media. To use these technologies, they must pay adequate attention to information security in order to mitigate the risk of losses due to for instance cybercrime attacks. On the losses caused by cybercrime attacks, almost 60% of the respondents answered that the total loss caused by usage of social media and cloud computing is less than EUR 500,000. However, almost 40% responded that they have no insight in the amount of losses.

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 5

1 Introduction
1.1 About the survey
In our last survey in 2010 we reported on the emergence of some signs of economic recovery from the global nancial crisis. Two years later however the nancial services industry is still facing the effects of the economic downturn. One of the consequences of the crisis are the increasing regulatory demands the banking sector is confronted with, such as Basel 3, Recovery & Resolution Planning, Banking Tax and MIFID 2. These regulatory requirements have an impact on both the business operations as well as the IT operations and change agenda. At the same time we see that banks take cost constraint measures. These measures unfold by means of reducing the number of staff and reducing budgets both for running the bank as well as for changing the bank. On the other hand, some banks do recognise the importance of investing in their application landscape and strive to rationalise it in an attempt to reduce its complexity and costs. Another development is that banks are investigating new business models for banking driven by technology innovation. One example in the Netherlands is Knab Bank (a subsidiary of Aegon Bank), a bank built from scratch, making use of the latest technology and built on a lean and mean IT landscape and supporting organisation. Another example is Fidor bank in Germany. This bank fully embraces the concept of social media and regards itself as a social media bank. Customers are in a position to inuence their interest rate by means of Facebook likes. One thing is clear: the banking sector will face changes in the coming years due to evolving technologies, new competitors, ever more regulatory requirements and the increasing pressure all this puts on their business and cost models. A reconsideration of the banking system landscape and addressing new technologies will be necessary elements of any strategy that is developed to respond to this trend. KPMGs IT Advisory has examined the most topical issues and trends driving banks in the Netherlands with regard to the use of core banking systems. We dene core banking systems as applications responsible for core banking functions such as processing and posting of transactions, performing accounting, maintaining accounts, keeping securities positions and clearing payments. This publication provides the results of the 2012 KPMG IT Advisory banking systems survey for the Netherlands.
2013 KPMG Advisory N.V.

The survey is conducted periodically (the previous one was published in July 2010), and is based on both interviews and questionnaires for online information gathering. The questionnaire was developed by a team of KPMG IT Advisory professionals, specialised in the nancial services industry. Furthermore, we included in this report our vision on trends we perceive in the banking sector in the Netherlands. The report may be interesting to any bank currently preparing its IT services to accommodate future growth and transformation. Amstelveen, March 2013 Brigitte Beugelaar Partner KPMG IT Advisory

6 | Banking systems survey 2012

2 IT human resources
This chapter presents the results on IT-related human resources aspects, encompassing among others the developments in number of IT staff compared to total staff, and the division of activities between IT staff involved in either running or changing the bank. We also look at expectations regarding employment of IT staff in the coming years and we compared these with the results of our previous survey.

2.1 IT staff ratios

IT staff in Dutch banks accounted for 10% of total staff in 2012, a slight decrease compared to 2010 when the share of IT staff was at 12% (see Figure 1). This relative decrease in number of IT staff occurred against the background of a general decline in employment within the nancial services sector during the last years. Five years into the nancial crisis banks still face major problems. To solve these, banks will have to reorganise themselves, which often goes with downsizing the number of employees. Worldwide a total of 350,000 jobs have been shed by banks and insurance companies during the rst two years of the nancial crisis1. Dutch banks are no exception in this regard given the recent reports about their plans for further layoffs. We expect that the number of jobs in the banking sector will continue to decrease the coming years, as banks will further optimise and reduce their operations, outsource non-core activities (e.g. IT data centers) and shrink their geographical footprints. The geographical distribution of IT staff versus non-IT staff reects the fact that the majority of the banks in our survey have their headquarter in the Netherlands; most of the IT staff resides in the Netherlands and primarily serves the Dutch operations. Some of the surveyed banks also provide IT services to their international network of subsidiaries or branches, but these activities are generally very limited. This is in line with the development that many banks reduce their international footprint in response to the nancial crisis and sell their entities abroad or downsize their activities there (see Figure 2).
100% 80% 60% 40% 20% 0%
12% 10% 88% 90%

Non-IT staff NL IT staff NL

2010

2012

Figure 1: IT staff versus non-IT staff

100% 80% 60% 40% 20% 0%

8% 7% 20% 92% 93% 80%

Total employees - headquarters

Total employees - global

Total employees - NL

Non-IT

IT

Figure 2: Geographical division of IT stafng versus non-IT stafng

http://nos.nl/artikel/437925-banken-zetten-bijl-in-personeel.html

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 7

Our survey results show that banks have on average increased their proportion of external IT staff, from 20% of total IT staff in 2010 to 24% in 2012 (see Figure 3). Internal IT staff tend to be more involved in IT operations (running the bank) whereas external IT staff is more involved in development activities and projects (changing the bank) (see Figure 4). The increased proportion of external IT staff can be understood by taking into account the increasing regulatory demands on banks (e.g. SEPA, Basel 3). These demands have a large impact on the IT environment and require a large number of change projects; for such projects external IT resources are often hired. Furthermore, banks strive for more exibility on stafng, which explains why for temporarily activities such as change projects they prefer to hire external IT staff.

2.2 Outsourcing
The need for cost saving is the most inuential factor behind organisations decisions to outsource. The second most inuential factor is access to skills. Technology functions need to react quickly to be able to offer the right skills and capabilities to successfully full the role that is being demanded of them today. The heart of this role requires understanding both the technology and strategic business landscapes. This is why CIOs are looking for new skills and capabilities. They demand a greater level of intimacy with the service provider and it will require service providers to invest in a greater skill set in order to full this role. (Source: Strategic visions on the sourcing market, KPMG, 2013).

100% 80% 60% 40% 20% 0% 2010 2012

80% 76% 20% 24%

External IT staff Internal IT staff

Cost saving has been a leading rationale behind organisations decision to outsource

Figure 3: Internal versus external IT staff

100% 80% 60% 40% 20% 0% Internal IT staff External IT staff

43% 74% 26% 57%

Running Changing

Figure 4: IT stafng; running versus changing

2013 KPMG Advisory N.V.

8 | Banking systems survey 2012

The majority of the banks participating in our survey (90%) indicated that they make use of IT outsourcing. It is therefore safe to say that outsourcing of IT activities has been rmly entrenched in the banking sector. The survey results show that outsourcing, at least in part, is most common for operational activities (at 55% of the banks), followed by development and project work at 50% of the banks. 25% of the banks outsource other or additional activities such as the installation of the physical network (cables) in new branches, support and monitoring, and business continuity and disaster recovery services (see Figure 5).

Over three quarters of the banks we surveyed indicated that no more than four employees are involved in managing the outsourcing relationship (see Figure 6). Our experience tells us that a main reason why banks that have outsourced their IT activities often face issues is a lack of sufcient experience in managing the relationships with their IT outsourcing suppliers. Another reason is that IT employees often need to full multiple roles. Employees are asked to participate in outsourcing projects but are also expected to continue doing their usual tasks. We note that especially smaller banks experience difculties in managing outsourcing relationships. Issues that arise when outsourcing IT services are often due to an underestimation of the processes that need to be redesigned to t the service provider, the impact of the changes within the organisation, and the size of the project. Not dening clear and measurable performance indicators frequently causes problems as well. Also, creating a common view between banks and outsourcing suppliers on the services that need to be outsourced is often a complex and time consuming process. It requires both extensive knowledge of internal processes from bank IT staff involved and sector and organisation specic guidance (e.g. central bank regulations) from the service provider. Another source

100% 80% 60% 40% 20% 0% Development and projects Operations Other or additional activities
50% 55%

25% 10%

No outsourcing

% of banks that outsource

Figure 5: Outsourced activities

10% 14%

0 to 4 5 to 9 More than 10
76%

Figure 6: Number of staff to manage outsourced activities

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 9

of problems is that banks often select a service provider primarily from a cost perspective. This tends to favour generalist service providers who may have little or no experience in servicing banks with their specic regulatory requirements, which easily results in misunderstandings and failures to meet the required service levels. KPMGs outsourcing research studies have consistently shown a direct correlation between outsourcing governance capabilities and client satisfaction with outsourcing efforts. In other words: effort pays off in outsourcing. Focusing on how best to improve outsourcing governance capabilities will therefore very likely lead to higher satisfaction levels among companies that outsource. KPMG research shows that signicant activity is going on in this area: Many of the investment banks are pursuing programmes to improve efciency by creating standardised and reusable tools, processes and data. This is driven by increasing regulatory pressure, changing or reducing revenue streams and a need for greater global consistency of middle and back ofce processes. In this changing world, up to 60 % of the middle and back ofce functions of these organizations are using centers of excellence and global shared services. This will result in low cost but more importantly greater standardisation globally. (Source: Strategic visions on the sourcing market, KPMG, 2013). It was indicated by 55% of the banks that they experience more attention from the regulator on their IT outsourcing. The attention from the regulator relates to new guidelines (e.g. for cloud computing and outsourcing), to questions on being in control and to management of security and availability risks.

greater focus on their domestic markets, as well as the downsizing of the banking sector in general, make it highly likely that banks internal IT staffs will be reduced. All together we see that still a majority expects that the number of internal IT staff remains stable or will increase. Banks nevertheless indicated that available IT budgets will be primarily used for investment and innovation, and also for new hiring. The latter could lead to the hiring of more external IT staff. And indeed, 40% of respondents expect that the number of external FTEs will increase in order to have a more exible workforce and to reduce xed labour costs (see Figure 8).

100% 80% 60% 40% 20% 0% 2010 2012

55% 25% 45% 25% 26%

50%

Increase Stable Decrease

Figure 7: Internal IT stafng expectations

100% 80% 60% 40% 20% 0%

17%

40%

2.3 Expectations
In 2010 none of the respondents expected that the number of internal IT staff would decrease in the near future (see Figure 7). In 2012 however, a quarter of the respondents indicate that they expect this number to decrease. This seems logical given the overall decrease in the number of staff employed at banks in the current economic climate; IT staff will not escape from this trend. Developments like the increasing standardisation of processes and systems, the reduction in number of business activities and banks

65%

35% 25%

Increase Stable Decrease

18%

2010

2012

Figure 8: External IT stafng expectations

2013 KPMG Advisory N.V.

10 | Banking systems survey 2012

3 IT system strategy
This chapter presents the survey results regarding the IT strategy of banks, including the usage and the renewal frequency of banking systems, and banks time horizons for changing their application landscapes. Furthermore, this chapter discusses the banking solutions currently used by our respondents and the level of satisfaction with these banking systems.

3.1 Make or buy

We asked the banks about their IT system strategies, including the decision to make or buy core banking systems and about their views on outsourcing and cloud computing of these systems. With respect to these questions, we differentiated between several business activities such as retail banking, private banking, wholesale and commercial banking and internal operations. Under internal operations we included nancial accounting and reporting, risk management, treasury and ALM operations. Figure 9 shows that buying core banking systems still is the main strategy in all of these business domains. Certain banks however have started using cloud computing or outsource solutions, especially in retail banking and private banking activities. Outsourcing core banking systems to a partner or making use of cloud computing for core banking systems might be worth investigating in light of attempts to lower the cost-toincome ratio and to rationalise the often complex application

landscape. The standardisation in banking products and a base of more mature vendors and suppliers also facilitate the trend to buy and/or make use of cloud solutions. It is our expectation that banks will further explore and make use of these possibilities.

3.2 Core banking systems

In our survey we asked banks about their software suppliers; the results show that there are no dominant software vendors in the Dutch market. The market for core banking systems in the Netherlands is characterised by the presence of numerous vendors, all competing for the attention of a limited number of banks. There are more than 10 vendors with an installed base in the Netherlands. For some business activities, in particular for private banking, we notice that Dutch software vendors are preferred because their offerings include functionality that addresses specic Dutch regulatory requirements. An example is Europort+ by ABLE. Other solutions that are commonly used by banks in their

100% 80% 60% 40% 20% 0%

3% 20% 41% 70%

2%

68% 24% 32% 10% 70% 3% 27% 30%

Make use of cloud solutions for core banking system Buy core banking system Outsource core banking system process to partner Develop inhouse banking system

Retail banking activities

Private banking activities

Wholesale and commercial banking activities

Internal banking activities

Figure 9: IT system strategy

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 11

operational domains retail and wholesale & commercial banking are T24, Midas, Atlas, SS&C and Flexcube. An example of next generation banking software to retail and private banks comes from Five Degrees Solutions, a new player on the market. Its Matrix product offers a exible and integrated banking platform, which can be extended to a full banking system including customer interfaces and back-end system. With functionalities like these available off the shelf it may be expected that new products can be launched faster, new technology enables new channel like mobile banking etc. The diversication in the banking system landscape may at rst be interpreted as a sign of healthy competition. However, the drawback of such strong vendor diversication is that development and support for domestic nancial products and interfaces to Dutch processors might be costly for the client and unprotable for the vendor. For example, payment systems generally use domestic formats that require support from and a connection to a payment processor such as Equens. As an exception, for general ledger applications there is no broad supplier base. The market for these applications is dominated by three vendors: Exact, SAP (with its nancial management software) and Unit 4 (with its CODA product). The core banking system landscape in the Netherlands has not changed signicantly compared to 2010. Might this be

an indication that investments in rationalising or improving the core banking system environments have been placed on hold due to the nancial crisis? Probably, as we have also seen a decrease in budgets available for IT departments. However, we do expect that banks requirements for solutions that offer exibility and connectivity will have an impact on the banking system landscape of the future, as well as on the product development roadmaps of software vendors. According to our survey results, to banks the most important factor in their core banking system decisions include technology, regulation, security, compliance & control (see Figure 10).

3.3 Satisfaction ratings

Participants in our survey were asked to indicate to what extent they are satised with their banking systems currently in use. Additionally, we asked banks what they identify as areas of improvement, and what changes in their application landscape they expect to take place in the coming years. Assessing the satisfaction level of banks with their core banking systems is a challenging exercise. Given that banking processes are highly automated, no bank can afford to support a non-performing system. Information accuracy and completeness, performance and business continuity are vital requirements for every banking business unit; systems

25% 20% 15% 10% 5% 0% Technology Regulation Security, Cybercrime compliance and control
13% 20% 20% 20%

27%

Others

Figure 10: Most important factor in banks core banking systems

2013 KPMG Advisory N.V.

12 | Banking systems survey 2012

that do not meet these quality requirements simply will have to be replaced. It is no surprise therefore that most respondents indicated to be satised with their core banking systems, especially regarding their functionality. This can be explained by the fact that it regards a mature market. The results shown in Figure 11 below indicate that the overall level of satisfaction with most of the banking systems is predominantly rated as medium or high. Only a small percentage of respondents rates their satisfaction with their banking system as low. Figure 12 shows this percentage is the highest in private banking . A reason for this may be that IT systems in private banking are usually less standardised, which leads to higher maintenance costs.

3.4 Changes
Most banks indicated that they planned upgrades or replacements of their banking systems to start within a year. This is true in all operational domains except for the internal operations domain where only a third of the respondents plan such changes to start within one year. These responses are in line with those provided in the 2010 survey in which it was indicated that an upgrade or replacement of the banking systems was expected three years later. The nature of the planned changes varies: for retail client operations they mostly involve the replacement of systems, whereas for internal operations changes are mostly limited to improvements on current systems. For wholesale and commercial banking operations a mix of system replacements and improvements are expected. In our opinion changes in the banking system landscape are necessary for banks to lower their cost-to-income ratios and remain competitive with new entrants in the sector that do not have large and expensive legacy environments for relatively standardised banking products. The replacement of legacy systems also enables banks to introduce new technologies that support new consumer demands, like being able to trade securities via mobile devices.

100% 80% 60% 40% 20% 0%

6% 63% 31%

High Medium Low

Figure 11: Overall satisfaction ratings regarding banking systems

100% 80% 60% 40% 20% 0%

4% 13% 5% 4% 64% 67% 57% 63% 32% 20% 38% 33%

High Medium Low

Retail banking activities

Private banking activities

Wholesale and commercial banking activities

Internal banking activities

Figure 12: Satisfaction ratings regarding banking systems, per operational domain

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 13

100% 80% 60% 40% 20% 0%

15% 8%

26% 4% 100% 70%

33,3%

33,3%

77%

5 years 3 years 1 year

33,3%

Retail banking activities

Private banking activities

Wholesale and commercial banking activities

Internal banking activities

Figure 13: Overview of intention to change the applications

100% 80% 60% 40% 20% 0%

40% 30% 11% 60% 40% 70% 33% 11% 11% 30% 20% 10% 56% 78%

10% 45% 90% 33% 60% 12% 22% 13% 11% 22% 30% 10% 75% 67%

10%

60%

30%

Basel III

MIFID

Deposit Guarantee Scheme

EMIR

Dodd Frank Act

FATCA

FTT

IFRS

Market Recovery Abuse Resolution Directive Planning

SEPA

Already in place

Analysing and preparing

Not started at all

Figure 14: Overview of status per rule/regulation

3.5 Activities regarding regulatory developments

We also requested participants in our survey to share with us what activities they have initiated in order to comply with regulatory requirements. In Figure 14 the status of these activities is presented for several regulatory requirements, for example SEPA, Basel 3 and FATCA. For most of these new regulations the majority of the banks have already
2013 KPMG Advisory N.V.

started or have even nished the projects. However, there are still a few regulations, such as DFA, EMIR, MAD and RRP , for which the banks have yet to start activities. Partially this can be explained by the fact that, for certain regulations, deadlines for implementation or compliance are still sufciently far out. It is remarkable however that many banks have not yet started with the preparations for and implementations of EMIR (European Market Infrastructure Regulation) and MAD (Market Abuse Directive), despite the fact that the deadline for both these regulations is in 2014.

14 | Banking systems survey 2012

The majority of the banks could not indicate what the costs of compliance with the regulatory requirements for them will be (see Figure 15). However, the few banks that were able to provide a cost estimate indicated that the costs for individual regulatory projects will in most cases be less than EUR 500,000. Evidently these costs are related to the size and complexity of each bank. The impact of the regulations in the banking sector will be high. In 2012 KPMG estimated that the most likely scenario envisaged, in which banks can adjust their funding prole to a limited extent, leads to after retaining all earnings to strengthen solvency and liquidity a cumulative shrinkage of EUR 200 billion (approximately 9% of total assets) combined with an average price increase in lending of 0.80 to 0.90 percentage point (The cumulative impact of regulation, KPMG 2012). Banks will probably not be able to absorb all the associated costs themselves. The extent to which they will pass these on to their customers depends on the measures taken by each bank. However, fee increases and service cutbacks are realistic possibilities facing bank customers.

100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Basel III MIFID Deposit Guarantee Scheme
40% 44% 40% 25% 13% 13% 33% 13% 40% 20% 11% 67% 11% 10% 87% 87% 100% 10% 22% 30% 45% 11% 60% 75% 87% 56% 50%

EMIR

Dot Frank Act

FATCA

FTT

IFRS

Market Abuse Directive

Recovery Resolution Planning

SEPA

Less than EUR 500.000 Between EUR 500.000 and EUR 1.000.000

More than EUR 1.000.000 Unknown Costs

Figure 15: Overview of impact in EUR per rule/regulation

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 15

4 Innovative technologies and trends

This chapter presents the survey results on the status of several innovative technologies such as cloud computing, mobile banking and social media in the banking industry. We have asked the participants to indicate to which extent they are currently utilising these innovative technologies or if they plan to adopt these technologies in the near future. In addition we have asked the participants about the impact of cybercrime on these new technologies.

4.1 Cloud computing

Cloud computing is enjoying more popularity. A combined 52% of the banks we surveyed consider using services from a cloud service provider or think about developing and/or using a private or internal cloud network (see Figure 16). But although banks have a high interest in the use of cloud computing services, only 14% are actually using such services. Banks are facing signicant market pressures, regulatory pressures and security issues. The IT organizations are trying to help new products get to market quickly with agile processes while facing pressure to reduce costs. However, the IT environments are complex and highly heterogeneous, which often lead to high support and maintenance costs. Making use of cloud computing might be a solution to solve the above mentioned aspects.

Cost reductions and strategic benets for nancial rms One of Indias largest nancial services providers says that cost reductions from the cloud will be signicant. However the strategic benets are far and away more vital than the cost savings. the company adds. Agility, being on the forefront of innovation and being able to transition quickly are the objectives worth attaining. (KPMG, Clarity in the Cloud, 2012)

To evaluate and prepare for the cloud, companies have to determine what type of cloud would best suit their needs. In order to do that, they have to assess their readiness for change by looking at governance, processes, compliance and technical architecture. They also have to look at applications, and most importantly, they have to assess the people, processes and technology critical to operate within the cloud.

40%
29%

20%

24% 14% 14% 14% 5%

0% Considering using services from a cloud Developing/using a private or internal cloud network Cloud computing is not useful, applicable or relevant to our organisation No interest in cloud computing Receiving services already today from a cloud provider

Dont know enough about cloud computing

Figure 16: Cloud computing strategy

2013 KPMG Advisory N.V.

16 | Banking systems survey 2012

For cloud computing three types of the cloud can be distinguished: the external cloud, the internal cloud, and the hybrid cloud, a combination of both external and internal clouds. There are industry-specic differences in the adoption of internal vs. external clouds. Not surprisingly, heavily regulated industries, such as nancial services and healthcare, demonstrate a stronger likelihood of adopting a internal cloud (KPMG, Clarity in the Cloud, 2012). Indeed, half of the banks in our survey opted for the internal cloud solution (see Figure 17). The types of product that are placed in the cloud differ from bank to bank, but for many banks include brokerage, credit cards, current accounts, securities trading, asset management, wealth management and savings. Other activities that are often placed in the cloud are infrastructure services (e.g. email), reporting & business intelligence and general ledger activities. Banks were asked which aspects of cloud computing they consider to be positive, neutral or negative (see Figure 18). As positive aspects of cloud computing banks mention the availability of services, the business case & ROI and performance. Cloud computing is considered to have a negative impact on condentiality and privacy, and on the ability to comply with rules and regulations. The latter seems logical since banks are tied to extensive regulatory rules on data privacy and cloud computing.

25% 50% 25%

External cloud Hybrid cloud Internal cloud

Figure 17: Types of cloud computing

Internal clouds will dominate the most critical functions Many factors drive the decision over external or internal cloud. Industries with the strongest adoption of internal clouds are nancial services, healthcare and diversied industrials (averaging 45% of respondents), with nancial services and healthcare facing heavy regulatory and compliance issues that are exacerbated, though not impossible in the cloud. Organizations custom-congured applications and infrastructure also contribute to the need for internal cloud solutions versus the standardized solutions among external clouds. (KPMG, Clarity in the Cloud, 2012)

100%
17%

17% 50% 75% 67% 83% 50% 50% 25% 33% 9% 58% 50% 33%

17%

80% 60%
75%

33%

40% 20% 0%
8%

50%

Implementation

Availability

Supplier

Integrity

Condentiality

Business case and ROI

Performance

Rules and regulations

Positive

Neutral

Negative

Figure 18: Factors inuencing the cloud computing strategy 2013 KPMG Advisory N.V.

Banking systems survey 2012 | 17

4.2 Mobile banking

Banks are participating in the mobile evolution in a number of different ways. Some are being proactive by developing and deploying innovative mobile solutions for which no clear demand yet exists, with an eye towards gaining market share and driving new sources of revenues. Others are waiting for standards to be set and for customer demand to reach a critical mass. Regarding the use of mobile banking technologies, a combined 55% of the banks in our survey consider using mobile banking applications or think about developing such applications. Banks were asked what factors relating to their mobile banking strategy they consider to be positive, neutral or negative. As positive factors of mobile banking the availability of the service to customers, the business case & ROI and the quality of supplier were mentioned. Negative aspects of mobile banking included the integrity of services, the issues surrounding condentiality and privacy, and the effort required to comply with rules and regulations.

40%
30%

20%

25% 20% 10% 10%

0% Considering to make use of mobile banking applications Developing mobile banking applications Offering services already today to clients Dont know enough about mobile banking applications No interest in mobile banking

5%

Mobile banking is not useful, applicable or relevant to our organisation

Figure 19: Mobile banking strategy

100% 80%

13%

20% 60%

7% 27% 60% 73%

13%

7%

60% 40% 20% 0%

60% 80% 73%

74%

73%

40% 13% 7%

33%

27%

33% 7%

Implementation

Availability

Supplier

Integrity

Condentiality

Business case and ROI

Performance

Rules and regulations

Positive

Neutral

Negative

Figure 20: Factors inuencing the mobile banking strategy 2013 KPMG Advisory N.V.

18 | Banking systems survey 2012

Another KPMG study found that security is banks main concern as they develop their mobile payment strategies. An interviewee mentioned: We are locked in a constant battle against those that try to breach our system (KPMG, Monetizing money, 2011) More than half of the banks in our survey indicated that only 10% or less of their clients are currently using mobile banking applications. This is consistent with other research (TNS NIPO, Mobile life 2011); providers indicate that they are ready, but the Dutch consumer is still not convinced of the benets of mobile banking. In the Netherlands, as well as in many other Western countries, the current payment methods and payment infrastructure cause hardly any problems and are generally perceived as very safe, available and fast. Mobile banking is therefore not that as widely adopted as for instance in Africa, where the payment infrastructure is more problematic and mobile banking is used on a larger scale. Mobile banking services can be offered via different technologies such as mobile websites, mobile apps and text messages. Most respondents indicated that they make use of mobile apps solutions for both payments and securities trading. The use of mobile websites and text messages was less favoured for doing payment and securities transactions.

We are locked in a constant battle against those that try to breach our system

4.3 Social media

The widespread consumer adoption of social media is hard to ignore. Already, one in ten of the worlds population has a Facebook account and almost 500 million people log onto YouTube each month. But while most business sectors have already made signicant gains by adopting social media, banks seem to be lagging behind. Few have taken even tentative steps into the social media environment and even less have initiated formal programs (KPMG, Social Banker). This seems to be in line with our results that show that only 21% of Dutch banks are already offering social media services to their clients. Social media is mostly used for retail clients and wholesale and commercial banking clients. Over half of the banks in our survey indicated that they already offer social media services to clients or consider doing that. This underlines that innovative technologies are being used more and more within banks. However, most retail banks are also struggling with a number of complex challenges and considerations that are slowing their adoption of social media. These challenges concern risk management, compliance to rules and regulations, cultural changes and impact on the existing technology environment. (KPMG, Social Banker, 2012)

100% 80% 60% 40% 20% 0% 1-10% 11-25% 26-50%

56%

22%

22%

Figure 21: Clients making use of mobile banking applications

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 19

Banks were asked what factors related to their social media strategy they consider to be positive, neutral or negative. As positive factors of social media the ease of implementation, the availability of social media and the quality suppliers were mentioned. Certain factors such as customers worries about condentiality and the efforts required to comply with rules and regulations, have a negative impact on banks social media strategies.

40% 30% 20% 10% 0% Considering to make use of social media Offering services already today to clients Developing social media services Dont know enough about social media
32%

26% 21% 11%

5%

5%

No interest in social media

Social media is not useful, applicable or relevant to our organisation

Figure 22: Social media strategy

50% 40% 30% 20% 10% 0% Retail clients Wholesale Other or clients and additional commercial client target banking clients groups Private banking clients
26% 16% 16% 42%

Figure 23: Target groups for social media

2013 KPMG Advisory N.V.

20 | Banking systems survey 2012

100% 80% 60% 40% 20% 0%

7% 7% 7% 21% 64% 64% 71% 43% 29% 29% 22% 57% 79%

14%

14%

57% 86% 79%

43% 7%

Implementation

Availability

Supplier

Integrity

Condentiality

Business case and ROI

Performance

Rules and regulations

Positive

Neutral

Negative

Figure 24: Factors inuencing the social media strategy

Fidor Bank, Germany: an online bank fully integrated with many social media features Within the banking sector Bank Fidor is the trendsetter in the eld of innovation and social media. Fidor Bank (dor is Latin for trusted) received its banking license in 2009 and has no physical branch network. Its services are built around a digital customer forum. Fidor Bank supports various digital channels. Fidor is represented through its own website and social media channels like Facebook, YouTube, Twitter and Google+. The bank distinguishes itself in terms of openness and freedom.The interaction via social media channels is also innovative. New customers can apply via Facebook Connect. Furthermore, Fidor Bank is the rst bank in the world where the interest on the customers account depends on the number of Facebook likes. The more likes, the higher the interest rate. Apart from customer-related innovation Fidor Bank makes use of partnerships, including Smava for peer-to-peer lending, Bertelsmann for distribution of services in online games and Hyper Wallet for international payments. Additional plans regarding partnerships are open software APIs for common development and support from the community for customer product and service development. Fidor Bank has introduced a business model where the customer has a central role and social media and the bank are intertwined. (KPMG, Finance with friends: gebruik van social media in de nancile sector, 2012)

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 21

4.4 Cybercrime
Cybercrime concerns performing illegal activities towards an organization using digital means. A proper understanding of the nature of these attacks is essential for effective cybercrime defense. We can distinguish two leagues of cybercrime: the junior league, where attacks are not threatening vital functions and the attackers mostly aim at stealing money from vulnerable organizations and the major league, where the aim is digital espionage or to disturb vital processes (KPMG, Shifting point views, 2012). Banks are being hit differently where it concerns the losses caused by cybercrime through mobile banking and cloud computing. Around 60% of the banks indicated that total losses caused are less than EUR 500,000 per year, via both social media and cloud computing. Large banks are more subject to cybercrime hits than smaller banks. Therefore the losses caused by cybercrime are generally higher at large banks. Banks seem unwilling to fully disclose their losses due to cybercrime, as no bank reported losses exceeding EUR 500,000 annually. We know however from our experience that such losses actually occur at Dutch banks. Nevertheless banks recognise the seriousness of cybercrime and invest continuously in prevention and detection measures. Cybercrime impacts the decisions respondents make concerning mobile banking and cloud computing. Respondents indicated that they are taking a conservative approach to new developments and that there will be no use of open cloud solutions or transactions for mobile banking applications until security is guaranteed.

Financial services The damage caused shows that not only nancial organisations report almost half of all incidents resulting in damage, they were also the victims with the most incidents in the highest damage bracket. Our survey results revealed that 75% of the over EUR 1,5 million attacks occur in this sector. In general, our survey found that nancial service organisations are more aware of cybercrime than other organisations (80%). Other key ndings include increased attention by senior management (92%), low detection ability (33%), and that 34% have budgets of EUR 750,000 or more and previous experience that attackers will not be successful (KPMG, Shifting point views, 2012).

100% 80% 60% 40% 20% 0% Mobile banking Cloud computing

62% 58% 38% 42%

Unknown EUR 500.000<

Figure 25: Total loss caused by cybercrime

2013 KPMG Advisory N.V.

22 | Banking systems survey 2012

4.5 Rationalisation
Banks indicated that their IT rationalisation strategies are mainly focused on current applications, data centres and their networks (see Figure 26). A majority of the banks (57%) stated that they expect that IT rationalisation will contribute to cost savings of 6 to 10% of total IT costs. According to the banks we surveyed, the major issues and challenges in IT rationalisation concern aspects of information security, the current complexity in processes and products, availability and costs of their IT infrastructure, as well as dealing with all the relevant rules and regulations. We expect that for some banks current developments, such as the requirement to set up recovery & resolution plans (also referred to as banks living wills), will also have consequences for the way they organise their IT system landscapes and for the products they offer to clients. In these recovery & resolution plans banks must outline how they can be broken up in case bankruptcy threatens, and its IT system landscape must allow for such a break-up.

25% 20% 15% 10% 5% 0% Applications Data centre Network Servers Storage
23% 23% 20% 18% 16%

100% 80% 60% 40% 20% 0% 6-10% 1-5% > than 25%
57% 36% 7%

Figure 26: Strategy regarding IT rationalisation

Figure 27: Savings of IT rationalisation

30% 25% 20% 15% 10% 5%

4% 16% 14% 14% 14% 11% 25%

0%

2%

Security

Complexity

Availability

Costs

Rules and regulations

Technology

Reliability

Privacy

Figure 28: Issues and challenges regarding IT rationalisation

2013 KPMG Advisory N.V.

Banking systems survey 2012 | 23

Appendix
We have surveyed banking organisations who have their activities focused mainly on the Dutch market. A total of 20 respondents took part in the survey. In the 2010 survey, most of the respondents (55%) were active mainly in the retail segment. In the 2012 survey, the largest proportion of respondents (50%) is active in the wholesale and commercial banking segment. Yet the participating banks are also active in the retail and private banking segment, as both segments are represented by a combined 70% of the participating banks. Compared to the 2010 survey, respondents in the 2012 survey had more various professional backgrounds. This year, 64% of respondents are from IT management (including CIO/CTO, IT managers and directors). The remaining 36% is composed of project portfolio managers, internal auditors and heads of risk management and others. The participating banks vary in size. In the 2010 survey, the majority of the participating banks (86%) employed less than 500 FTEs. This has changed signicantly in the 2012 survey; now only 43% of the participating banks employ less than 500 FTEs and 57% employ more.

100% 80% 60% 40% 20% 0% Private banking clients Retail clients Wholesale and commercial banking clients
30% 15% 50% 40%

Other

Figure 29: Target markets of participating banks

100% 80% 60% 40% 20% 0% IT management Other

36% 64%

Figure 30: Position of respondents

100% 80% 60%

57%

40% 20% 0%

41% 24%

45% 19%

%of Total (2010) % of Total (2012)

We would like to acknowledge the contribution of our colleagues who helped develop this report: - Rob Voster - Lisette Ens - Lodewijk Benjaminse

14%

0-249

250-499

Above 500

Figure 31: Number of FTEs at participating banks

2013 KPMG Advisory N.V.

Contact us Brigitte Beugelaar Partner KPMG IT Advisory Financial Services T.: +31 20 656 8173 E.: [email protected] KPMG Laan van Langerhuize 1 1186 DS Amstelveen Postbus 74105 1070 BC Amsterdam

www.kpmg.nl

2013 KPMG Advisory N.V., registered with the trade register in the Netherlands under number 33263682, is a subsidiary of KPMG Europe LLP and a member rm of the KPMG network of independent member rms afliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. Printed in the Netherlands. The KPMG name, logo and cutting through complexity are registered trademarks of KPMG International. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.